A network-attached storage (NAS) device can hold and share a large amount of data for your devices. It can be an effective storage solution for homes and small businesses.
NAS devices are also a common target for cyber attacks such as data breaches and ransomware. Someone may try to steal your data for financial gain or identity theft.
Follow this guide to secure your NAS device. For more information specific to your device, visit the manufacturer’s website.
For advice more suitable for businesses, learn about hardening Linux workstations and servers.
Set up your device securely
Your network is the first line of defence against cyber threats. Secure your router and local area network (LAN) as an important first step in protecting your device.
To protect your LAN and device, it is crucial to secure your router. Any incoming traffic to your network filters through your router first. It acts as a barrier between your connected devices and the internet.
Check that the firewall on your router is on; a firewall is a built-in feature of most routers. Firewalls help to prevent suspicious traffic from entering your network by allowing or denying traffic based on security rules.
Learn how to secure your Wi-Fi and router.
You can be at risk of cyber attacks if you expose your device to the internet. Set up your device securely in your LAN to protect it from unwanted connections.
Connect your NAS device to your router or switch. Use an Ethernet cable to link a LAN port on your device to an Ethernet port on your router or switch. This uses the security protections of your router to protect from online threats.
For more security, consider blocking all access from the internet to your NAS device. This is effective if you only need to access it within your LAN. You can often set this in your device’s firewall settings; make sure the firewall is on.
Note: allowing access to your device over the internet increases its attack surface. Make sure to put proper protections in place or speak to an IT professional for help.
Keep your device protected
Follow basic security measures, such as keeping your device up to date and backing up your data. The following are common steps you can take no matter what device you own.
Make sure to keep your NAS device up to date. Software updates give your device the most recent security features. Delaying an update could leave your device at risk.
Check that automatic updates are on and install updates as soon as possible. Also, keep your installed applications (apps) and programs up to date.
Find out how to update your device and software.
You won’t get regular updates if your device has reached end of support. In this case, upgrade to a newer product or remove software if there are no newer versions available.
Backups help you recover data if it becomes lost, damaged or compromised. Regularly back up your device and store copies external to your network when not in use. Your device may have built-in backup features or you may need to download an app.
Make a regular backup routine based on how often your data changes. Your routine could be hourly, daily or weekly. Use automatic backups to help make it easier.
You can store your backups on media such as an external hard disk and cloud storage. Test your backups often to make sure you can restore old or deleted data.
Find out how to back up your files and devices.
RAID (redundant array of independent disks) is often mistaken for a type of backup. RAID only stores data in several locations on the same device to protect it from drive failures. Your data may not be recoverable if it is compromised by a cyber attack such as ransomware.
Over time, you download and use many different services and apps. Make sure to disable or remove any that you no longer use. This will reduce the attack surface of your device.
Check for unused services in your device’s network settings. This could include services such as File Transfer Protocol (FTP) and Secure Shell (SSH). Also check your device’s app centre for unused apps.
You should also close all unused ports. A port acts as a gateway, guiding connections from the internet to your device. An attacker could use open and unsecure ports to compromise your device.
Protocols let your NAS device talk to and transfer files with other devices. Use protocols with modern and secure encryption and authentication. This helps to prevent someone from being able to intercept, change or steal your data.
Some protocols can be more secure than others. Some examples are Hypertext Transfer Protocol Secure (HTTPS) and Secure FTP (SFTP).
Secure your user accounts
Your user accounts are a crucial point of access to your device. Poor security habits could make it easier for someone to access and steal your data. Follow these tips to secure your user accounts and protect your device.
NAS devices often come with a default admin account. This account may have a common username like ‘admin’ and a weak password. Default login details can be easy for someone to guess.
Make sure the default admin account has a unique username and password. If you can’t change the login details, create a new admin account. From this new account, you can disable or delete the default admin account.
Limit the number of admin accounts, and only use them for admin tasks like installing software. Find out how to secure your user account.
Your user accounts are at risk if not secured with strong login methods. We recommend using the following.
Multi-factor authentication
Turn on multi-factor authentication (MFA) for all user accounts, especially admin accounts. MFA is when you need 2 or more steps to verify your identity before you can log in. For example, using your login details as well as an authentication code.
Where MFA is unavailable, use a strong password. Learn more about MFA.
Strong passwords
Use a strong and unique password such as a passphrase for each account. A passphrase has 4 or more random words like ‘crystal onion clay pretzel’. Passphrases are easy to remember but hard for someone to guess.
Don’t use information that could be common knowledge in your passwords. For example, avoid using your date of birth, postcode or pet’s name. Learn more about passphrases.
Consider using a password manager to create and store your passwords and passphrases. Learn more about password managers.
Unrestricted users can pose a risk to your data. The more access a user has, the more data they can view, alter or delete. This could also give a malicious actor access to more data if they compromise a user account.
Regularly review and manage user access to folders and files on your device. Set which users can access and make changes.
For businesses, grant staff access only to the resources they need to do their job. Manage secure user access by making sure you:
- give each user their own user account
- authenticate each user
- allow each user the least privilege needed for their role
- remove user privileges or accounts as soon as they are no longer needed
- limit the number of admin accounts and only use them for admin tasks.
Apply security features
Most devices come with built-in security features to help defend from cyber threats. This can include antivirus, encryption and system logging. Make sure to use these features to protect your device.
Antivirus software helps to protect your device from malware. It can scan for, detect and remove software it deems malicious. Your device may come with built-in antivirus software, which you can often find in its app centre.
You can also download third-party software. It may offer better security features than the built-in software. Learn more about using antivirus software.
Encryption is one of the best ways to protect information stored on your device. It ensures that only authorised users can access your data. Even if someone intercepts your data, it will be unreadable.
Encrypt your stored data – especially anything that is sensitive or personal. This could include names, addresses, payment information or medical records. Consider any data that could have a serious impact if compromised.
Use strong encryption keys that are long, unique and complex. Store encryption or recovery keys in a safe and secure location like a password manager. Note, your data could be unrecoverable if you lose your encryption keys.
Like most routers, most NAS devices include a built-in firewall. Check that the firewall on your device is on. It is often enabled by default or you may need to download an app to use this security feature.
Firewalls allow or deny network traffic based on rules. To stay secure, set a rule to allow traffic only from local IP addresses. This will block access to your device from the internet. Only devices on your local network will have access.
Track your device activity and connections with system logs. Check crucial logs often, such as failed login attempts and changes to settings. This can help make you aware of any malicious activity. It can also aid incident responders in their recovery process.
Store your logs in a secure, centralised location. This makes it easier to manage and check your network activity. You can also set your device to collect logs from other systems in your network.
For improved security, consider using a security information and event management (SIEM) tool. This can help detect, analyse and respond to threats on your network. Research a reputable product or ask an IT professional for help.
Learn more about best practices for event logging and threat detection.
Make sure to enable IP blocking in the network settings of your device. This feature may have a different name depending on your device.
This feature blocks an IP address after a certain number of failed login attempts. This helps prevent cybercriminals from attempting to guess your login details.
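The three checks above (allow only local IP addresses, review failed logins in the logs, and block an IP after repeated failures) can be run over a device's authentication log. The script below is an added example, not from this guide or any NAS vendor: the log format, the LAN ranges and the 5-failures-in-10-minutes threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a generic NAS-style auth log format (not from any real product).
SAMPLE_LOG = """\
2024-05-01 08:00:01 auth login FAILED user=admin src=203.0.113.7
2024-05-01 08:00:03 auth login FAILED user=admin src=203.0.113.7
2024-05-01 08:00:05 auth login FAILED user=root src=203.0.113.7
2024-05-01 08:00:09 auth login FAILED user=admin src=203.0.113.7
2024-05-01 08:00:10 auth login FAILED user=admin src=203.0.113.7
2024-05-01 08:12:00 auth login OK user=alice src=192.168.1.20
2024-05-01 08:13:00 auth login FAILED user=alice src=192.168.1.20
2024-05-01 08:14:00 settings change firewall user=alice src=192.168.1.20
2024-05-01 09:30:00 auth login FAILED user=bob src=198.51.100.9
"""

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) auth login (?P<result>OK|FAILED) user=\S+ src=(?P<src>\S+)$"
)
# Assumed private ranges standing in for the "local IP addresses" the firewall rule allows.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")]

def is_local(ip: str) -> bool:
    """True if the address belongs to one of the LAN ranges the firewall should allow."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LAN_NETWORKS)

def review_auth_log(text: str, threshold: int = 5, window: timedelta = timedelta(minutes=10)) -> dict:
    """Map each source IP worth acting on to its reasons.
    NOT_LOCAL: came from outside the LAN (the allow-local-only firewall rule should drop it).
    LOCKOUT: at least `threshold` failed logins within `window`, the condition IP blocking acts on.
    """
    failures = defaultdict(list)   # src -> timestamps of recent failed logins
    findings = defaultdict(set)
    for line in text.splitlines():
        m = LOGIN_RE.match(line)   # lines that are not login events are ignored
        if not m:
            continue
        ts, src = datetime.fromisoformat(m["ts"]), m["src"]
        if not is_local(src):
            findings[src].add("NOT_LOCAL")
        if m["result"] == "FAILED":
            # keep only failures inside the sliding window, then add this one
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) >= threshold:
                findings[src].add("LOCKOUT")
    return {ip: sorted(reasons) for ip, reasons in findings.items()}
```

Run `review_auth_log(SAMPLE_LOG)` to get the addresses to block and why; the local user with a single typo is not flagged, while the internet source that fails five times in a row is flagged on both counts.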
Case study: NAS device attacked with ransomware
In the ACT, a small business noticed their NAS device was infected with ransomware. This device was running outdated software and had default ports open to the internet.
The business owner realised something was wrong when they couldn’t access any files. The device held critical documents and photos. A cybercriminal had encrypted the data and demanded a Bitcoin payment to restore it.
The attack had a significant impact on their business operations. Despite this, the owner refused to pay the ransom. They were able to use backups to restore most of the affected files.
After the attack, the business took steps to increase the security of their device and network.
Find advice specific to your device
Your device’s settings and software might differ from those described in this guide. Visit the manufacturer’s website for more details on how to secure your NAS device and fix issues. This includes what to do if you forget your login details, get locked out or need to reset your device.
More information
Personal cyber security: First steps guide
The first of three guides designed to help everyday Australians understand the basics of cyber security and learn how to take action to protect themselves from common cyber threats.
Small business cyber security
How to protect your small business from common cyber security threats.
Windows event logging and forwarding
This publication has been developed as a guide to the setup and configuration of Windows event logging and forwarding.